Difference between revisions of "Talk:Guide to Authentication"
(New page: "When used in a single factor authentication method (for example, just a thumbprint with no username or password), biometrics are the weakest form of authentication available and are unsui...) |
(Comment on Threshold Governor section) |
Line 3: | Line 3: | ||
So I am removing that sentence. There are much worse implementations of single factor authentication. | So I am removing that sentence. There are much worse implementations of single factor authentication. | ||
+ | --------------------------------------------- | ||
+ | |||
+ | I don't know if this is strictly true: | ||
+ | " * Password change** | ||
+ | * Password resets** | ||
+ | |||
+ | (**Low value systems only - Most medium and all high value systems should not be using passwords, and thus do not possess password reset capabilities) " | ||
+ | |||
+ | Perhaps it should read "Most medium and all high value systems should use more than one factor of authentication and should not rely exclusively on passwords." |
Latest revision as of 20:44, 2 December 2009
"When used in a single factor authentication method (for example, just a thumbprint with no username or password), biometrics are the weakest form of authentication available and are unsuitable for even moderate risk applications." Biometrics is still a better single factor auth method than having a username/password based one which doesn't enforce password complexity or account lockout.
So I am removing that sentence. There are much worse implementations of single factor authentication.
---------------------------------------------
I don't know if this is strictly true:
" * Password change**
* Password resets**
(**Low value systems only - Most medium and all high value systems should not be using passwords, and thus do not possess password reset capabilities) "
Perhaps it should read "Most medium and all high value systems should use more than one factor of authentication and should not rely exclusively on passwords."